diff options
author | Avijit Kanti Das <avijitnsec@codeaurora.org> | 2014-11-05 16:36:30 -0800 |
---|---|---|
committer | Avijit Kanti Das <avijitnsec@codeaurora.org> | 2014-11-12 11:44:55 -0800 |
commit | b73cff1f7b83add4a815fb2d768194c3174d56c1 (patch) | |
tree | 2f7c9a5d9774258fee5b278482518cb8069ae789 /common/rfs_access.te | |
parent | 630212a4cfc0d712732027ec342f753d71308ba6 (diff) | |
download | android_device_qcom_sepolicy-b73cff1f7b83add4a815fb2d768194c3174d56c1.tar.gz android_device_qcom_sepolicy-b73cff1f7b83add4a815fb2d768194c3174d56c1.tar.bz2 android_device_qcom_sepolicy-b73cff1f7b83add4a815fb2d768194c3174d56c1.zip |
Seandroid: Adding context for rfs access
Adding context for rfs_access and adding few more
policies
Change-Id: Ic8df22f19adc27af32c618ac3e6da657e93c73bb
Diffstat (limited to 'common/rfs_access.te')
-rw-r--r-- | common/rfs_access.te | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/common/rfs_access.te b/common/rfs_access.te index 129ffa3b..ec946c27 100644 --- a/common/rfs_access.te +++ b/common/rfs_access.te @@ -38,3 +38,6 @@ allow rfs_access firmware_file:file { open read getattr }; #Prevent other domains from accessing RFS data files. neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -init_shell } rfs_data_file:dir { write search create add_name }; neverallow { domain -rfs_access -kernel -recovery -init userdebug_or_eng(`-su') -init_shell } rfs_data_file:file { open read write create append getattr }; + +allow rfs_access self:capability { setuid setpcap net_raw }; +allow rfs_access smem_log_device:chr_file rw_file_perms; |